Apache under attack and eating resources?
philip+freebsd at paeps.cx
Sun Sep 28 16:59:43 PDT 2003
This might be more related to an Apache-security list, but as the machine is
running FreeBSD, I thought I'd ask here first.
In the last two weeks, I've been seeing some very strange errors in my logs a
few times daily around the same times. While this happens, load averages go
through the roof (I've seen 36+, which is outragous), and the machine becomes
First there's a few million of these:
httpd in free(): warning: recursive call
Many megs of logfiles, in fact, then, suddenly, I get some that yell:
httpd in malloc(): warning: recursive call
Those are followed closely by:
[Mon Sep 29 01:10:57 2003] [notice] child pid 88809 exit signal Segmentation fault (11)
And then it repeats, frequently saying these as well:
httpd in free(): warning: page is already free
FATAL: emalloc(): Unable to allocate 40 bytes
Allowed memory size of 8388608 bytes exhausted (tried to allocate 10 bytes)
httpd in free(): warning: chunk is already free
My logs are filling up with these, and I'm not sure where to look.
Crossreferencing the times with vhost error logs and access logs isn't turning
up anything spectacular. The loads around the times when this occurs aren't
staggering either, so I'm thinking perhaps someone is DoS'ing my machine :-/
Has anyone else seen this problem recently? I found some posts in Google and
other archives mentioning Apache going berzerk like this, but no real
I have MaxClients set to 175, and Apache never complains about that being too
low. I don't have any particular ulimits set, as the defaults always worked
well. In fact, this is the first time I've ever seen a FreeBSD scream for
resources without me sitting at it and torturing it myself.
- Philip [worried]
Philip Paeps Please don't CC me, I am
subscribed to the list.
A real diplomat is one who can cut his neighbor's throat without having
his neighbor notice it. -- Trygve Lie
More information about the freebsd-security